Project

logstash-output-loginsight

0.0
Low commit activity in last 3 years
No release in over a year
logstash-output-loginsightellieayla/logstash-output-loginsightHomepageDocumentationSource CodeBug TrackerWiki
This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install logstash-output-loginsight. This gem is not a stand-alone program.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
10,597
Stars
1
Forks
2
Watchers
3
 Releases
Current version
0.3.1
Total releases
6
First release
2017-03-08
Latest release
2023-06-20
 Issues
Open Issues
2
Closed Issues
2
Total Issues
4
Issue Closure Rate
50%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
4
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
Apache-2.0
Average date of last 50 commits
2017-09-11
Reverse Dependencies
0

 Dependencies

Development

logstash-codec-plain
>= 0
logstash-devutils
>= 0
logstash-output-http
>= 0
rspec
>= 0

Runtime

logstash-core
>= 0
logstash-core-plugin-api
>= 1.60, <= 2.99
manticore
~> 0.6, >= 0.6.0
 Project Readme

logstash-output-loginsight

This is a plugin for Logstash, sending events to VMware vRealize Log Insight

It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.

Installation from rubygems

logstash-output-loginsight is hosted on rubygems.org. Download and install the latest gem in your Logstash deployment:

bin/logstash-plugin install logstash-output-loginsight

Verify installed version:

bin/logstash-plugin list --verbose logstash-output-loginsight
logstash-output-loginsight (0.1.12)

Usage

The plugin requires, at minimum, the hostname or IP address of a remote Log Insight server. Connections are established via HTTPS on port 9543, with certificate verification by default. If the Log Insight server carries a certificate issued by a trusted authority, a hostname is the only required option.

loginsight {
    host => "loginsightvip.example.com"
}
option default notes
host required remote server FQDN or IP
port 9543 ingestion api port 9000 uses http
proto https https or http
uuid id or 0 unique identifier for client
ssl_certificate_validation True verify certificate chain and hostname for SSL connections
cacert alternate certificate chain to trust, PEM-formatted

Self-signed Certificate

Verification of the remote certificate is done against the platform's certificate authority. If you're using a self-signed certificate, you can retrieve a copy of the certificate and then configure the client to trust it. The certificate's common name must still match the host option.

Connect to your Log Insight server and retrieve the certificate, writing it out to a PEM-formatted file. This method works for single-certificate chains, as in the self-signed case.

openssl s_client -showcerts -connect 10.11.12.13:9543 < /dev/null | openssl x509 -outform PEM > certificate.pem

For longer untrusted chains, use openssl s_client -connect 10.11.12.13:9543 -verify 1 and copy the contents of all the sections inside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, inclusive, and save them in a newcertificate.pem file.

Pass the PEM-formatted file in the ca_file parameter:

bin/logstash -e 'input { stdin { add_field => { "fieldname" => "10" } } } output { loginsight { host => ["10.11.12.13"] verify => [true] ca_file => ["/Path to PEM/certificate.pem"] } }' --log.level=debug

AsciiDocs

Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one central location.

Need Help?

Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.

Developing

1. Plugin Developement and Testing

Code

  • To get started, you'll need JRuby with the Bundler gem installed.

  • Clone this repository.

  • Install dependencies:

bundle install

Test

  • Update your dependencies:
bundle install
  • Run tests:
bundle exec rspec

2. Running the local, unpublished plugin in Logstash

2.1 Run in a local Logstash clone

  • Edit Logstash Gemfile and add the local plugin path, for example:
gem "logstash-output-loginsight", :path => "/your/local/logstash-output-loginsight"
  • Install plugin
bin/logstash-plugin install --no-verify
  • Start Logstash and with the stdin input plugin and test connectivity to Log Insight, with debug logging:
bin/logstash -e 'input { stdin { add_field => { "fieldname" => "10" } } } output { loginsight { host => ["10.11.12.13"] } }' --log.level=debug

At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.

2.2 Run in an installed Logstash

You can use the same 2.1 method to run your plugin in an installed Logstash by editing its Gemfile and pointing the :path to your local plugin development directory. Or you can build the gem and install it using:

  • Build your plugin gem:
gem build logstash-output-loginsight.gemspec
  • Install the plugin from the Logstash home:
bin/logstash-plugin install /your/local/plugin/logstash-output-loginsight.gem
  • Start Logstash and with the stdin input plugin and test connectivity to Log Insight, with debug logging:
bin/logstash -e 'input { stdin { add_field => { "fieldname" => "10" } } } output { loginsight { host => ["10.11.12.13"] } }' --log.level=debug

Contributing

All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.